Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


New version of Crowt worm could block infected browsers

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

April 12, 2005

Trend Micro has just warned that new and different variations of the Crowt worm could block infected browsers from accessing certain websites belonging to some antivirus companies such as Symantec, McAffee and Trend Micro.

Crowt.D, first discovered last Wednesday, opens up the Google News site upon infection, then alters the computer's hosts file to add a list of Web site addresses, the antivirus company said in an advisory last week.

When people click on one of those addresses, they are redirected to a local loopback address instead, a move that blocks access to the sites in the list. The worm restricts access to antivirus vendor sites including Trendmicro.com, Kapersky-labs.com, Sophos.com, Symantec.com and Us.mcafee.com.

Phishing schemes typically use spoofed Web sites that look like they belong to a trusted provider, such as an online retailer, but are actually hosted by scammers. The sites attempt to get people to type in confidential information such as passwords and credit card numbers.

The Crowt.D infection's ability to redirect people from one Web site to another is especially dangerous when it involves an online banking service, Biviano said.

"Banks are telling their customers to type their specific Web site address into the browser. However, if the host file has been compromised, then even if the URL is typed in, the browser will still go to the phishing Web site," Biviano said.

Biviano said the Crowt variant can redirect people, regardless of which browser they use.

"It uses the Windows associations to launch a file, so it will open your default browser," he said. The worm affects Microsoft Windows 95, 98, ME, NT, 2000 and XP, and spreads by sending itself out to e-mail addresses found in the Windows Address Book.

DNS poisoning is another method that is being used by hackers to try to redirect Internet users to fraudulent Web sites. On Wednesday, Microsoft advised customers who use its server software to reconfigure their settings to avoid such attacks.

Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer